Ethereum giant whale thomasg.eth's self-report: How was $100 million almost defrauded?
Original compilation: 0x137
Original compilation: 0x137
This article is based on the views of Arrow founder thomasg.eth on his personal social media platform, which is compiled and translated by BlockBeats as follows:
Rhythm note, because there are more than 100 million U.S. dollars in ETH in the ENS wallet, thomasg.eth was targeted by fraudsters, and almost all personal assets were defrauded.
Over the past two weeks I have been the target of an advanced scam ring that has cost me almost all of my ETH. I was very lucky to escape this incident unscathed, so I want to share the history of the incident with everyone.
I am the founder of Arrow(Rhythm note, this is a DAO dedicated to building an open source air taxi platform). We're still in the early stages and focused on growing the team, so we're open to contributors, and we won't turn anyone away if they want to help.
Two weeks ago, a user called "heckshine" joined our Discord and started introducing himself. According to himself, he is currently working for Ubisoft, providing services in 3D design and animation. The language of the message is a bit odd, but I'm just blaming it on the language barrier.
Heckshine has another friend who is very interested in Arrow. She is working on a metaverse project, and her brother-in-law is also a vice president of Boeing.
Over the next few days, heckshine started working on various animation projects for Arrow, including designing an anime hero for the website, creating some renderings of airplanes, etc. We were very impressed with his dedication to the project.
At the same time, heckshine also contacted his friend Linh, who was obviously also interested in our project. Heckshine asked me to send her an email, and from what he told me, Linh seemed to be his friend with the Boeing connections.
Linh sent me a very respectable email back about Space Falcon, a metaverse project she's working on. I'm actually not interested in this project, but I'm not a real NFT player, so there is no reason to reject her idea.
Sure enough, she told me about her connections at Boeing and Wisk, and offered some thoughts on Arrow. Linh seemed eager to help us with our potential partnership with Boeing. Also, the tone of her email was a bit odd, though I still think it's a language barrier.
After moving the topic to Discord, we started talking more about our respective backgrounds and eventually settled on her as an advisor on the project. She offered guidance and advice to help us navigate partnerships, and I was excited for her support.
Later, she told me more about Space Falcon, and I felt that this NFT project was similar to other "get rich quick" projects. But for what she's done for Arrow, I also had to show some support in return.
Space Falcon uses a Token called Armstrong Wrapped Ether (aWETH). I am lazy and have not studied it in detail, but its basic logic is that users rent NFT, and holders get corresponding passive income. I told her the mod sounded great and would love to keep updated. Linh agreed to keep in touch with me and I moved on to other things.
I checked out Space Falcon privately and it seems to be a pretty popular game project on Solana, and I saw Linh's name on the team page as well.
For the next 10 days, heckshine was active on the Discord every day, putting out some super high quality renderings, not particularly seaworthy, but he was more than happy to help, so I figured ok Improve these designs through some iterations.
I can’t overstate how committed and genuine heckshine has been throughout the process, and we’re pretty much aligned on our personal vision, and I’m glad he’s so passionate about what we’re doing.
Until yesterday, things started to get a little strange.
Heckshine and I had been discussing the blueprints for our v1 aircraft. He gets the parameters of the entire configuration and is ready to start rendering when he wakes up in the morning. But Linh suddenly told me that Wisk executives agreed to invite me to visit their Workshop.
It's actually ridiculous now, but I had no reason not to believe Linh at the time, and we were really touched by the efforts he made for us. We settled on a specific itinerary, and the Wisk exec emailed me a formal invite.
While chatting, Linh started telling me about the staking application they just launched, and offered to send me the NFT. Things have developed to this point, I should at least provide them with some experience support, right?
So I asked her to send the NFT to my hot wallet, but she sent it to my main wallet on the grounds that the NFT was worth a lot, which I thought was no big deal.
She sent me some instructions for the staking app, and the website page looked pretty good, showing three transactions: Approve NFT, Approve aWETH, and Staking. Approving aWETH This step might seem a bit odd, but since I don't have aWETH, no worries.
Here's why I consider myself very lucky: Since this is a new project, I decided to transfer the NFT to a new ETH address before staking, in case it gets exploited by someone else. The staking process was very smooth, and I have also benefited from it.
So I fed back my experience to Linh and she offered to send me some other NFTs but wanted me to deposit them into my main account to help their community grow further.
It's kind of annoying, but I agree. But after I told Linh that I would read through the contract before depositing the NFT into the main account, she started to get aggressive, and that's when I started to realize that something was wrong.
I quickly opened etherscan and looked at the address of the NFT I pledged before, but my whole body became cold instantly...
The aWETH I approve is not Armstrong WETH, but Aave's Aave WETH. If I do the approval on my main wallet, I will lose all my ETH...
I immediately blocked both of them, and they also started deleting their Discord messages after realizing the question was wrong. As some sort of last-ditch effort, Linh sent me 0.2 ETH to pay the gas fee, asking me to refund their NFT, although I don't know what the logic is...
I later dug further into the contract that approves spending aWETH and found a truly scary feature. These scammers can transfer any amount of aWETH from my account through the function in the image below.
I eventually found their source of funding on etherscan - a Tornado Cash deposit of 100 ETH. These guys are deep pocketed and super savvy.
I have to assume they hired a 3D design contractor who did most of the work on Heckshine. They also built custom contracts and frontends specifically for this scam, as far as I know.
So what about SpaceFalcon? As far as I know, this is a real project on Solana, but the real project is using spacefalcon.io and the scammers are using ".com". So the "Linh" I've been interacting with before may just be the real Linh himself.
Through this incident, I also summed up some lessons learned:
1. Approving tokens can be very dangerous, and they must be treated very carefully. Try to limit approvals if possible.
2. Liars are getting smarter these days. Before this, the best scam I've ever come across was basically "Hi, I'm tech support, please share your private key so we can help."
3. Always do a good job of checking, no matter how much you trust a project. These guys spent two weeks focusing on my specific weakness, and I almost fell for it.
Original link
IOS
Android